Security and Privacy (S&P)

The programme Security & Privacy (S&P) is no longer eligible for applications. It is being replaced by the new programme Cyber Security (CSE).

Why study the EIT Digital Security & Privacy programme?

The EIT Digital Security & Privacy programme offers:

Front line technical content within the field.

Studies at two of Europe´s foremost technical universities leading to a double degree.

A good integration with tailored Business courses in Innovation and Entrepreneurship.

A thesis work well grounded in industrial problems.

Access to the competence of eight EIT Digital innovation action lines, not least through a summer school between the two years.

Access to the co-location centers and innovation ecosystems of the nine EIT Digital nodes.

What is the programme all about?

The programme in Security and Privacy focusses on the study of the design, development and evaluation of secure computer systems, which are also capable of ensuring privacy for future ICT systems. It follows a constructive security approach to teach the very complex and challenging field of information assurance. The aim is to provide students with an understanding of the concepts and technologies for achieving confidentiality, integrity, authenticity, and privacy protection for information processed across networks.

What are the carrier opportunities for graduates from the programme?

Graduates from the Security & Privacy master’s programme will qualify for jobs in international and local organizations in both technical and business roles. Typical titles are:

(Cyber) Security consultant;

Security Analyst;

(Information) Security Architect;

Operation Manager;

Product Manager.

Through their multidisciplinary attitude graduates are valuable in open innovation settings where different aspects (market, users, social aspects, media technologies) come together. They will easily find jobs within companies that provide value-added products and services, such as telecom companies, game companies, e-learning, web developers, and entertainment. An alternative path would be to start your own company to provide product or technology development, media content, business development or consultancy services.

How is the programme structured?

The programme is a double degree programme with studies at a university in one country in the first year (entry) and studies at a university in another country the second year (exit). The programme has an integrated technical content (Technical major) and business content (Innovation & Entrepreneurship – I&E minor). The I&E minor is shared between all programmes (link). An integral part of the second year is a Master’s thesis (30 ECTS).

The structure and content of the technical major is given below.

Where can I study if I choose Security and Privacy?

Entry - 1st year

UNITN in Trento, Italy

UT, Twente, The Netherlands

Exit - 2nd year, specialization

ELTE Budapest, Hungary

Saarland University, Germany

TUD, Darmstadt, Germany

UNITN in Trento, Italy

UT, Twente, The Netherlands

First year

The first year is similar at the two entry points University of Twente and UNITN in Trento with basic courses on Introduction to Computer Security, Network Security, System Security, Information Security Management, Cryptography and Privacy. In addition to that, some elective courses may be chosen to prepare for a specialization.

An important part of the programme are the Innovation & Entrepreneurship (I&E) courses. The I&E basics course provides an introduction to business and management. The Business Development Lab extends media systems engineering projects by a market survey, a business model generation process, and a venture development exercise. We emphasize user driven innovation and holistic analysis of service, technology, organization and financial perspectives, as new technologies are disruptive for existing business models and almost always have a significant impact on the culture and social relations. Society-relevant themes also are at the core of the summer schools, which bring students from the different entry points together.

Second year

The Programme offers five specializations:

Applied Security at University of Trento

System Security at TU Darmstadt

Information Security and Privacy at Saarland University

Advanced Cryptography at ELTE

Cyber Security: High Tech, Human Touch at University of Twente

Specializations

Cyber Security: High Tech, Human Touch (University of Twente)

Andreas Peter is an assistant professor at the University of Twente (Netherlands) and the local node-coordinator of the EIT Digital Security & Privacy specialization in Twente. His research focuses on both fundamental and applied security and privacy aspects in diverse application domains. In particular, he is interested in the design and analysis of privacy-enhancing technologies and cryptographic protocols.

Although cryptography has been around for quite some time, emerging concepts such as “Bring Your Own Technology”, the “Internet of Everything”, or “Crypto Currencies”, that increasingly exploit mobility and personalization, put new requirements on security technologies; think about the e-cigarette USB-charger that infects a big corporation with malware. Today’s high diversity of Internet-connected systems and services led to a substantial increase of (new) cyber-attacks in the past years. Such Internet-connected systems can be found in almost every domain, including critical infrastructures (e.g., water supply), as well as in large-scale services (e.g., hospitals) and embedded systems (e.g., in-car control systems). Notably, many risks for such systems are not solely technical but use the human factor as a characteristic element (e.g., through social engineering).

Our specialization looks at the many risks in the above-mentioned settings and provides mitigations that can be used at design time and at operation time, while taking into account the specific requirements of the various systems and the impact that risks might have. As a distinguishing element, we include the “human touch” in our attack analysis and mitigation techniques (e.g., replacing password-checks with biometric-verification or raising situational awareness to mitigate social engineering attacks).

Specialization Courses:

Secure Data Management (5 EC)

Introduction to Biometrics (5 EC)

Economics of Security (5 EC)

Cyber Security Management (5 EC)

Security Verification (5 EC)

Quantum Cryptography (5 EC)

Computer Ethics (5 EC)

This EIT Digital specialization is embedded in the 4TU Master specialization on Cyber Security at the University of Twente. For more information (including scheduling and sample study plans), please visit: http://www.4tu.nl/cybsec

Information Security and Privacy (Saarland University)

Prof. Michael Backes is the coordinator of the Security and Privacy programme at Saarland University, Germany. He is a full professor at the Department of Computer Science and leads the Center for IT-Security, Privacy and Accountability (CISPA) located at Saarland University. In addition, he founded a spin-off company called Backes:SRT that develops technologies to improve data protection in secure communication. Furthermore, he is supervising 10 graduate students which are highly involved in teaching and advising bachelor’s and master’s theses.

Christian Hammer is an assistant professor at CISPA, Saarland University and is the faculty contact for the Security and Privacy programme at this node. His research interests includes systems security, in particular for the andriod platform, and web security in the context of javaScript. His research on security for programming languages centers around information flow control techniques, that control where secret infromation is allowed to be used. He also collaborates with IBM Research to investigate secure multicore programming.

The Information Security and Privacy specialisation connects provably secure and privacy-preserving concepts with practically deployable applications. This area offers many possible directions for the students such as Android Security, Web Security, or Synthesis of Distributed Applications, to name a few. Working on these concrete domains, the student learns how to use complex cryptographic primitives as well as information flow analyses in order to guarantee privacy of software systems.

In the last 6 months of their studies, students choose a topic for their master’s thesis. The topic can be based on an idea of the student, or the student can approach a professor to suggest a topic tailored to the individual interest and previous knowledge of the student. For instance, a student interested in android security could contribute to AppGuard, which is an application allowing selective revocation of permissions on android.

Advanced Cryptography (ELTE)

Security and Privacy are crucial issues for citizens and customers using IT-based systems. The specialisation focuses on the general ideas, techniques and methods of Applied Cryptography as well as on the theoretical background and solid knowledge, putting security in a wider context. Security and Privacy is considered both from the technological and from the economical point of view, which supports decisions in many practical cases.

Applied cryptography serves as a base for most of the secure IT-systems (e.g. in Future Media and Content Delivery, Smart Spaces, Digital cities, Health and ICT-Mediated Human Activity, and Enabling the Internet of the Future).

Graduates are

able to manage all the typical cryptographic challenges in IT-Systems,

able to develop cryptosystems under various circumstances,

aware of the theoretical and practical background, and

offered internships at our partner IT companies and research institutes.

Specialisation Mandatory Courses (24 ECTS):

Advanced cryptography (6 ECTS)

Cryptography and its applications (6 ECTS)

Cryptographic protocols (6 ECTS)

Economics of Security and Privacy (6 ECTS)

Specialisation Electives:

Applied Cryptography Project Seminar (6 ECTS)

System Security (TU Darmstadt)

Prof. Dr. Matthias Hollick is a full professor at TU Darmstadt, where he is heading the Secure Mobile Networking Lab (SEEMOO), which is part of the Center for Advanced Security Research Darmstadt (CASED). His research interests lie in the areas of security, resiliency, and quality of service for mobile and wireless networks.

Prof. Dr. Stefan Katzenbeisser is a full professor at TU Darmstadt, where he is heading the Secureity Engineering Lab (SecEng). His main research interests are in the area of the design and analysis of cryptographic protocols, privacy-enahnaicng technologies, and software security.

The system security specialisation emphasizes on the IT security aspects of large and complex networked systems such Smart Energy Systems, Digital Cities, the Future Internet, etc. It thus provides a direct link to the respective thematic areas of the EIT Digital research and innovation agenda. These areas are characterized by an increasing complexity of the underlying ICT systems. More precisely, they comprise a multitude of software and hardware components, which in combination form complex ICT systems. IT security and privacy needs to acknowledge such complex ICT, and go beyond a narrow and specialized focus. With the system security specialisation, TU Darmstadt will equip the next generation of security researchers, entrepreneurs, and professionals with the necessary knowledge to master ICT security and privacy in a networked world.

Specialisation courses (the course catalogue varies for the 3rd and 4th term; courses marked with an asterisk (*) are generally offered in the summer term. I.e. they are available, if the students perform their final thesis already in the 3rd term of the master program).

Specialisation Mandatory Courses (min. 26 ECTS):

Secure, Trusted and Trustworthy Computing (6 ECTS)

Static and Dynamical Program Analysis (6 ECTS)

* Operating Systems II: Dependability and Trust (8 ECTS)

* Privacy-Enhancing Technologies (3 ECTS)

Seminars/advanced seminars (3-4 ECTS)

Specialisation Electives 3rd Term:

Security Requirements Engineering (4 ECTS)

Cryptographic Pearls (6 ECTS)

Post-quantum Cryptography (6 ECTS)

Operating Systems (8 ECTS)

Lab Exercises in System Security (3-4 ECTS)

Specialisation Electives 4rd Term:

Security Requirements Engineering (4 ECTS)

* Secure Mobile Systems (3 ECTS)

* Embedded System Security (6 ECTS)

* Cryptographic Protocols (6 ECTS)

* Formal Methods in Information Security (9 ECTS)

Lab Exercises in System Security (3-6 ECTS)

Applied Security (University of Trento)

Prof. Dr. Fabio Massacci received a M.Eng. in 1993 and Ph.D. in Computer Science and Engineering at University of Rome La Sapienza in 1998. He visited Cambridge University in 1996-97 and was visiting researcher at IRIT Toulouse in 2000. He joined the University of Siena as assistant professor in 1999, and in 2001 he became a full professor at the University of Trento.His research interests are in security requirements engineering and verification and load-time security for mobile and embedded systems (Security-by-Contract). He co-founded the ESSOS with W. Jousen, Engineering Secure Software and Systems Symposium, which aims at bringing together requirements, software engineers and security experts. He was leading the Empirical Security Requirements and Risk Engineering Challenge (ERISE). He has been a scientific coordinator of multimillion-euro EU projects on security compliance, security engineering and secure evolution.

In many practical contexts such as Digital Cities or Smart Energy Systems, Security and Privacy are seen by IT vendors as additional costs which customers are not really willing to pay for. Even in the framework of cyber security low protection mechanisms might be chosen to save costs. The specialisation focuses on the challenge of guaranteeing the right level of security to an application that is substantiated by empirical evidence.

Graduates are able to

identify the appropriate security technology that can be deployed.

develop appropriate solutions for the industry scenarios of cybersecurity and citizen’s security.

describe and justify the benefits for such choices based on empirical results.